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Abstract. We introduce quantatitive timed refinement metrics and quantitative timed simulation 
functions, incorporating zenoness checks, for timed systems. These functions assign positive real num- 
bers between zero and infinity which quantify the timing mismatches in between two timed systems, 
amongst non-zeno runs. We quantify timing mismatches in three ways: (1) the maximum timing mis- 
match that can arise, (2) the "steady-state" maximum timing mismatches, where initial transient timing 
mismatches are ignored; and (3) the (long-run) average timing mismatches amongst two systems. These 
three kinds of mismatches constitute three important types of timing differences. Our event times are 
the global times, measured from the start of the system execution, not just the time durations of individ- 
ual steps. We present algorithms over timed automata for computing the three quantitative simulation 
functions to within any desired degree of accuracy. In order to compute the values of the quantitative 
simulation functions, we use a game theoretic formulation. We introduce two new kinds of objectives for 
two player games on finite state game graphs: (I) eventual debit-sum level objectives, and (2) average 
debit-sum level objectives. We present algorithms for computing the optimal values for these objectives 
for player 1, and then use these algorithms to compute the values of the quantitative timed simulation 
functions. 



1 Introduction 

Theories of system approximation for continuous systems are used for analyzing systems that differ 
to a small extent, as opposed to the traditional boolean yes/no view of system refinement for discrete 
systems. These theories are necessary as formal models are only approximations of the real world, and 
are subject to estimation and modelling errors. Approximation theories have been traditionally de- 
veloped for continuous control systems [ASG01] and more recently for linear and non-linear systems 
[GJP08; GPT10; Pol+10], timed systems [HMP05], labeled Markov Processes [Des+04], probabilis- 
tic automata [Bre+03], quantitative transition systems [AFS09], and software systems [CGL12]. 

Timed and hybrid systems model the evolution of system outputs as well as the timing aspects 
related to the system evolution. In this work we develop a theory of system approximation for 
timed systems by quantifying the timing differences between corresponding system events. We first 
generalize timed refinement relations to metrics on timed systems that quantitatively estimate the 
closeness of two systems. Given a timed model T s denoting the abstract specification model, and 
a model T r denoting the concrete refined implementation of T s , we assign a positive real number 
between zero and infinity to the pair (T r ,T s ) which denotes the quantitative refinement distance 
between T r and T s . Given a trace try of T r , and a trace tr s of T s , we define various distances 
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Fig. 1. Two timed automata Ti,T 2 . 



between the two traces, e.g., the distance being oo if the untimed trace sequences differ, and being 
the supremum of the differences of the matching timepoints for matching events otherwise. Our 
event times are the global times, measured from the start of the system execution, not just the 
time durations of individual steps. The distance between the systems T r and T s is taken to be the 
supremum of closest matching trace differences from the initial states. 

Timed trace inclusion is undecidable on timed automata [AD94], thus timed refinement is con- 
servatively estimated using timed simulation relations [Cer92]. Simulation relations take a branching 
time view, unlike the linear view of refinement relations, and can be defined using two player games. 
We generalize timed simulation relations to quantitative timed simulation functions, and define the 
values of quantitative timed simulation functions as the real- valued outcome of games played on the 
corresponding timed graphs. 

Zeno runs where time converges is an artifact present in models of timed systems due to model 
imperfections; such runs are obviously absent in the physical systems which our timed models are 
meant to represent. We thus exclude Zeno runs in our computation of quantitative timed refinement 
and quantitative timed simulation relations. 

We define three illustrative quantitative timed simulation functions which measure three impor- 
tant system differences. The maximum time difference quantitative simulation function denotes the 
maximum time discrepancy that can arise amongst matching transitions. The eventual maximum 
time difference quantitative simulation function denotes the eventual maximum time discrepancy 
that arises (ignoring finite time trace prefix discrepancies) amongst matching transitions. This cor- 
responds to the "steady-state" difference between systems, ignoring transient behavior. The (long- 
run) average time difference quantitative simulation function denotes the average time discrepancy 
amongst matching transitions. This function measures the long-run average time discrepancies, per 
transition, amongst two timed systems. Ideally, we want all three simulation functions to be as small 
as possible between the specification and the implementation systems, but minimizing one may lead 
to increase in values for others. Thus, all three simulation functions give important information 
about systems. We illustrate the various quantitative timed simulation functions via examples. 

Example 1 (Maximum Time Difference) . Consider the two timed automata Ti and T2 in Figure 1. 
The locations are labelled with the observations. The starting location of each automaton is the 
one labelled with the observation a, and the starting value of the clock x is 0. Let us look at 
the value of the maximum time difference quantitative timed simulation function §MaxDiff f° r the 
state pair ^(a, x = 0) Tl ,(a,x = 0) T2 ^. The value is (1) infinity if every transition from the state in 
Ti cannot be matched by a transition from the matching state in T2 (and similarly for following 
steps), that is the state of 7\ time-abstract simulates the state of T2 ; (2) the maximum time 
difference between matching transitions of 7\ and T2 otherwise, amongst time- divergent runs. For 
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the two timed automata in Figure 1, it can be checked that (a,x = 0) 1 time-abstract simulates 

rr 

(a, x = 0) 2 , and that the maximum time difference between matching transitions is 9 time units, 
(e.g. between the paths (a,x = of 1 (b,x = of 1 — (c,x = of 1 — (c,x = of 1 — ^ ■ ■ ■ and 
(a,x = of 2 ^(b,x = of 2 -^(c,x = of 2 -^(c,x = of 2 A---)- □ 

Example 2 (Global Event Times). Consider the two timed automata in Figure 2. The value of 




reset x reset x 

Fig. 2. Two timed automata 0*3,0*4. 



the maximum time difference quantitative timed simulation function SiviaxDiff for the state pair 
(<a,s = 0)*> ,(a,x = Ofj is oo, since timing mismatch corresponding to the n-th transition is n 

(the n-th transition in T3 occurs at global time n, the n-th transition in T4 occurs at global time 
2 • n). We depict the timelines in Figure 3. □ 
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Fig. 3. Timeline of 0*3,0*4 events. 



Example 3 (Eventual Maximum Time Difference). Consider the two timed automata 7\ and T2 
in Figure 1. Let us look at the value of the eventual maximum time difference quantitative timed 
simulation function S|_imMaxDiff f° r the state pair ((a, x = of 1 , (a, x = 0f 2 J . The value is (1) infinity 
if every transition from the state in Ti cannot be matched by a transition from the matching state 
in T2 (and similarly for following steps), that is the state of Ti time-abstract simulates the state of 
T2 ; (2) the eventual maximum time difference between matching transitions of Ti and T2 otherwise 
(ignoring the time differences amongst finite trace prefixes), amongst time-divergent runs. In the 
automata Ti,T2, there is a time mismatch only at the transitions from a, and this transition can 
only occur before time 10. Once the executions reach the location c, the automaton T2 is able 
to match the transitions of Ti at the exact times, with zero time discrepancy. Thus, S|_imMaxDiff 
denotes the "steady-state" time discrepancy between 7%, T2, and this value is zero for the state pair 
(^(a,x = Of 1 ,(a,x = Of 2 ), in contrast to the value of 9 for SiviaxDiff f° r the state pair. Note that 
we ignore time-discrepancies for finite time (by discarding Zeno runs), not just finite trace prefixes. 
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If we ignore only finite trace prefixes, then we would have obtained a value of 9, as Ti can loop on 
the location b by preventing time from progressing (note that the clock x is not reset on the b loop 
transition). □ 



Example 4 (Eventual Maximum Time Difference). Consider the two timed automata T5 and 7q 




Fig. 4. Two timed automata 7^,7^. 



in Figure 4. Let us look at the value of the eventual maximum time difference quantitative 
timed simulation function SumMaxDiff for the state pair ^(a, x = 0) Ts ,(a,x = 0) Te ^. In this case, 
a time difference of 9 occurs infinitely often in time-divergent runs, (e.g. between the paths 
(a,x = 0f 5 A (b,x = 0f 5 A ( c ,x = 0) T5 A (a,x = 0f 5 A ••• and (a,x = 0) Tfi -±> 
(b,x = 0) 7e — % (c, x = 0) 7() -—> (a,x = 0) 7() — The maximum time difference of 9 time 
units arises when taking the transitions from the a-labelled states. Thus, the value of SumMaxDiff 
for the state pair (^(a,x = 0) 7 '' ,(a,x = 0) 7e ^j is 9. It can be checked that in this case, the value of 
§MaxDiff f° r the state pair is also 9. □ 

Example 5 (Average Time Difference). Consider the two timed automata T5 and 7q in Figure 4. 
Let us look at the value of the (long-run) average time difference quantitative timed simulation 
function §AvgDiff f° r the state pair (^{a,x = 0) Ts ,(a,x = 0) Tf3 ^. As usual, for the value to be finite, 
we require time-abstract simulation. If time-abstract simulation holds, we take the average with 
respect to the number of transitions (over non-Zeno runs). For the state pair, a time difference of 9 
occurs infinitely often, but this difference occurs in only one-third of the transitions (the transitions 
from a locations). For the transitions from b and c, the time discrepancy is zero. Thus, the value 
for S A vgDiff is = 3. □ 

To compute the values of the three simulation functions, we use the framework of turn based 
games on finite-state game graphs. We introduce two new game theoretic objectives (these objectives 
are required for computing two of the quantitative simulation functions) on these game graphs, 
namely, eventual debit-sum level and average debit-sum level objectives, and present novel solutions 
for both. We need to consider the sums of the weights encountered as in our quantitative simulation 
functions, the global time is the sum of the time durations of all the preceding transitions. 

Eventual debit-sum level and average debit-sum level games are also interesting on their own. 
We next illustrate average debit-sum level games. These games are played on two-player turn based 
game graphs. Each transition in the game graph incurs a cost (denoted by a negative weight), or a 
reward (denoted by a positive weight). These costs can be viewed as monetary losses, or monetary 
gains. The debit-sum level at a stage in the game denotes the absolute value of the monetary balance, 
if the balance is negative (the balance is the sum of all the positive and negative costs and rewards) . 
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Fig. 5. Debit sum-level game 



The objective of player 1 is to have the lowest possible average debit-sum level. These games are 
also applicable, for instance, in financial markets, where banks have to take overnight loans from 
the Federal Reserve loan windows in case of need (these loans need to be renewed each day the loan 
is not repaid) . It is in the banks interests to minimize the average of the loan amount per day. 



Example 6 (Debit Sum-Level Turn Based Games). Consider the turn based game depicted in Fig- 
ure 5. The only player-1 location is a, the other locations are player-2 locations. The numbers on the 
edges denote the costs or rewards that player-1 gets when that transition is taken. Positive weights 
denotes rewards, and negative weights denotes costs. Viewing the weights as monetary transactions, 
and starting with a monetary balance of zero at a, if player 1 loops around the left loop, then the 
trace, together with the monetary balances is: ((a, 0) 9) (62,— 5) (63,— where the num- 

bers denote the accumulated balances during the run of the play. The average negative balance, 
i.e, the average debit-sum level (per unit location visit), is 0+9 ^ 5+1 = If player 1 loops around 
the right loop, then the trace, together with the balances is: ((a, 0) (64,-5) (65,— 3) (66,-1) ) u ■ 
The average negative balance is + 5 + 3+1 = |. Thus the optimum average debit sum- level value for 
player 1 is 9/4, and the optimum strategy is to loop around the right-hand side, where it needs to 
borrow less, on average. □ 



Our Contributions. Our main contributions in the present work are as follows. 

★ We define three quantitative refinement metrics incorporating Zenoness conditions semantically, 
that is our refinement metrics ignore artificial Zeno runs present in systems due to modelling 
artifacts. We also show that these quantitative functions are actually (directed) metrics. 

★ We define quantitative timed simulation functions corresponding to the refinement metrics using 
a game theoretic formulation. These quantitative simulation functions also incorporate Zenoness 
conditions for obtaining physically meaningful system differences. As far we know, this is is the 
first work which handles Zeno runs when computing simulation functions. 

★ We present decision procedures for computing all the defined quantitative timed simulation func- 
tions to within any desired degree of accuracy for any given timed automaton. 

■k We introduce new game theoretic objectives on finite-state game graphs, namely, eventual debit- 
sum level objectives and average debit-sum level objectives, and present novel solutions for both 
on finite-state turn based games. These new objectives are required in the computation of the 
defined quantitative simulation functions. 
We have considered the (more challenging) framework of global event times in our quantitative 
simulation functions. Our solution framework is also applicable where the mismatches are only with 
respect to transition durations (simple algorithms are applicable in this case). Our algorithms can 
easily be generalized to consider quantitative simulation functions in which an observation a is 
allowed to match a different observation a', but with some matching penalty in case a 7^ a' (the 
penalty being in addition to the timing mismatch of a, a'). Thus, our algorithms apply to the 
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computation of quantitative simulation functions which consider the Skorokhod metric [JS03] over 
mismatches. 

Related Work. The most relevant related work is the recent work on the theory of approximate 
bisimulation for continuous and switched systems [GJP08; GPT10], and [QFD11]. The approxima- 
tions in [GJP08; GPT10] are with respect to the real-valued system outputs, and not with respect 
to the times during which the values are output. The simulation relations are constrained to match 
values at equivalent sample points, thus there is no mechanism to judge the time discrepancies. The 
work in [QFD11] presents similarity relations where the approximations are with respect to time 
as well as output values. Computation of similarity relations is reduced to solving a derived game, 
however, no decidability results are presented for solving these derived games. For timed systems, 
the work in [HMP05] presented maximum time difference quantitative timed simulation functions, 
however, Zeno issues were ignored. Our solutions for the new objectives on finite-state game graphs 
builds on previous work on mean payoff parity games, multi-dimensional mean payoff, and energy 
games [Bou+11; CD10; Cha+10; ChalO; CHJ05]. The new game objectives presented in the present 
work, that are required for the quantitative timed simulation functions, were previously unstudied, 
and require new ideas in their solutions. 

2 Quantitative Timed Trace Difference and Refinement Metrics 

We define quantitative refinement functions on timed systems. These functions allow approximate 
matching of timed traces and generalize timed and untimed refinement relations. 

Timed Transition System. A timed transition system (TTS) is a tuple A = (S,E,—^,fj,,So) 
where 

— S is the set of states. 

— U is a set of atomic propositions (the observations). 

— — > C S x ]R + x S is the transition relation such that for all s G S there exists at least one s' € S 
such that for some A, we have s s' . 

— \i : S h-> 2 s is the observation map which assigns a truth value to atomic propositions true in 

cL StcltC 

— Sq Q S is the set of initial states. 

We write s s' if (s, t, s') £ — K A state trajectory is an infinite sequence so si -V . . . , where for 

each j > 0, we have Sj —¥ Sj+i- The state trajectory is initialized if sq € sq is an initial state. A state 

trajectory so^-si . . . induces a trace given by the observation sequence /u(srj) m( s i) -V .... To 
emphasize the initial state, we say so~trace for a trace induced by a state trajectory starting from 
So- A trace is initialized if it is induced by an initialized state trajectory. Given a trace tr induced 

by a state trajectory sq % s\ % . . . , let time tr [i] denote YTj=o tj, i- e - the time of the z-th transition. 
The trace tr is time-convergent or zeno if lim^oo time tr [i] is finite; otherwise it is time-divergent or 
non-zeno. We denote the set of time-divergent initialized traces of a timed transition system A by 
Timediv(A), and the set of all initialized traces of A by Traces^). A TTS is well formed if from 
every sq € sq, there exists a so-t race in Timediv(A). We consider only well formed TTS in the 
sequel. The TTS A x refines or implements the TTS A s (the specification) if every initialized trace 
of A x is also an initialized trace of A s . We first define various quantitative notions of refinement 
that quantify if the behavior of an implementation TTS is "close enough" to a specification TTS. 
We begin by defining several metrics on trace differences and refinements. 
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Maximum Trace Difference Distance. Given two traces tr = r -4 r\ -4 r2 . . . and tr' = sq -4 

Si -4 «2 • • • , the maximum trace difference distance ©MaxDiff (tr, tr') is defined by 



^MaxDifKtr, tr') 



oo if r n ^ s n 

for some n 
_ sup n {| time tr [ra] — time tr '[n]|} otherwise 



The distance D|\/iaxDiff(tr, tr') indicates the maximum time discrepancy between matching observa- 
tions in the two traces tr and tr'. 

Proposition 1. The function 2)|viaxDiff() * s a metric on timed traces. □ 

Refinement Distance Induced by DiviaxDiff- The trace difference metric DiviaxDiff induces a re- 
finement distance between two TTS. Given two timed transition systems A t (the refined system) 
and A s (the specification), with initial state sets S t , S s respectively, the refinement distance of A x 
with respect to A s induced by T>MaxDiff is given by 

3?MaxDiff(A:, Ai) = SUp inf {D M axDiff (tr qc , tig J } 

where tr 9r (respectively, tr fe ) is a g t -trace (respectively, g s -trace) for some q r G S x (respectively, 
q$ G S s ). Notice that this refinement distance is asymmetric: it is a directed distance[AFS09]. The 
refinement distance 3?MaxDiff(^4r> A s ) indicates quantitatively how well initialized traces in A s match 
corresponding initialized traces in A t with respect to the ©MaxDiff trace difference metric. 

Proposition 2. The function 3^MaxDiff() is a directed metric on timed transition systems. □ 

We next define several other trace difference metrics, which in turn induce their own refinement 
distances on TTS. 

Limit-Maximum Trace Difference Distance. Given two traces tr = tq -4 r± -4 r-i . . . and 

tr' = so -4 si — > . 

^LimMaxDiff(tr, tr' 



sq -4 si -4 S2 ... , the limit-maximum trace difference distance D|_imMaxDiff (tr, tr') is defined by 



oo if r n 4 s n 

for some n 

liniM^oo sup n>M {| time tr [n] — time tr '[n]|} otherwise 

The distance 2)|_imMaxDiff(tr, tr') indicates the limit-maximum time discrepancy between matching 
observations in the two traces tr and tr'. That is, it indicates the eventual "steady state" maximum 
time discrepancy, ignoring any initial spikes in the time discrepancy between the two traces (we still 
require all observations to be matched). 

In the following lemma, we view limits as being on the extended real line. 

Lemma 1. Let a n and b n both be non- decreasing or both be non-decreasing sequences of real numbers 
for n > 0. Then lim„_ ! . 00 (a n ) and lim n _ s . 00 (a; ) ) both exist and 

lim (a„) + lim (b n ) = lim (a n + b n ) □ 
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Lemma 2. Let a n and b n be real numbers for n > and let M > 0. Then 

sup{a n } + sup{6„} > sup{a„ + 6„} □ 

n>M n>M n>M 

Proposition 3. The function ©LimMaxDiffO * s a metric on timed traces. 

Proof. We prove D LimMaxDiff (tri,tr 2 ) + 2) LimMaxD i ff (tr2,tr 3 ) > D LimMaxDiff (tri, tr 3 ). 
If all the observation sequences of tri,tr2,tr3 are not the same, or if ©LimMaxDiff(tri, tr 2 ) or 
MaxDiff (t r 2, tr 3 ) is infinite, then the claim is straightforward. So assume that the observation 
sequences of the three traces are the same and that © LimMaxDiff (tri, tr 2 ) and ©LimMaxDiff (tr 2 , tr 3 ) are 
both finite. We have ©LimMaxDiff (tri, tr 2 ) + ©LimMaxDiff (tr 2 , tr 3 ) 

= lim sup {| time tri [n] — time t r 2 H|} + 

M^oo n >M 

lim sup {| time t r 2 N — time tr .Jn]|} 

M->oo n>M 



lim 



sup n > M {|ti m etnH - time tr2 [n]|} + 
M-£>o \ v sup n > M {|time tr2 [n] - time tr3 [n]|} 

by Lemma 1. 



> lim sup { time tri N -time tr2 n + 1 % 
M^oo y n > M { (|time tr2 [n] - time tr3 [n]|) J J 

> lim sup {| time tri [n] — time tr3 [n]|} 

M^oo n > M 

=^LimMaxDiff(tri, tr 3 ) □ 



Refinement Distance Induced by ©LimMaxDiff- The trace difference metric ©LimMaxDiff induces 
the refinement distance ^LimMaxDiff (An As)- Since we are interested in the long run steady state time 
discrepancy, we consider only time-divergent traces in A x , if such traces exist. Formally, given two 
timed transition systems A v , A s , with initial state sets S X ,S S respectively, the refinement distance 
of A t with respect to A s induced by ©LimMaxDiff is given by 

^LimMaxDifKA, A s ) = SUp inf {©LimMaxDiff (tr 9t , tr fe ) } 

tr 9t GTimediv(A t ) tr< ?« 

where tr 9t (respectively, tr gs ) is a g r -trace (respectively, g 5 -trace) for some q v £ S x (respec- 
tively, q s G S s ). Note that we do not need to put any time-divergence requirement on the traces 
from A s ; the "inf" operator ensures that only time-divergent traces are considered when available 
(©LimMaxDiff ( tr g t > tr 9s ) is infinite if one trace is time-divergent and the other zeno). Also note that 
we did not place any time-divergence requirements in ^MaxDiff () as it does not have an affect on the 
value of the function. 

Proposition 4. The function 3?u m MaxDiff() is a directed metric on timed transition systems. 

Proof. We prove LimMaxDiff (A, M) + ^LimMaxDiff {M, M) > ^LimMaxDiff (A, A 3 ). 

The interesting case is when both 3?Li m MaxDiff(A, ^2) and ^LimMaxDiff (A, ^3) are finite. 

Let LimMaxDiff (A, M) = #1,2 and let 3q_i m MaxDiff(A, A3) = #2,3- Consider any tri € 
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Timediv(^i). Since K lj2 = sup tr<jieTimediv(Al) inf tr , 2 {^LimMaxDiff (tr gi , tr 92 )}, we have that K ij2 > 
inf tr92 {D|_i m MaxDiff (t r i> t^)}- Hence we have that for any given e > 0, there exists tr 2 G 
Traces(A2) such that D|jmlviaxDiff(tri,tr2) < K± >2 + e. Now, tr 2 must be time divergent (i.e. 
tr 2 G Timediv(yl2)), otherwise 2)|_imMaxDiff (tri, tr 2 ) is not finite. Using a similar argument, we have 
that there exists a trace tr 3 G Traces(^4 3 ) such that 2)umMaxDiff(tr2, tr 3 ) < K 2 ^ + e. 
Since 

^LimMaxDifF(tri,tr 2 ) + ©LimMaxDiff (^2, tr 3 ) > ©LimMaxDiff (^1, tr 3 ) 

we have that 

^LimMaxDiff(tri,tr 3 ) < K lj2 + if 2 ,3 + 2-6 

Since this holds for any e > 0, we have that 

inf {I>LimMaxDiff(tri,tr 93 )} < K h2 + K 2 ,3 

tr 93 eTraces(A3) 

And since this inequality holds for any tri G Timediv(Ai), we have 

sup inf {2)LimMaxDiff(tr 9l ,tr g3 )} < K lt2 + K 2j3 □ 

tr qi GTimediv(Al) tr 9 3 eTraces(A 3 ) 

Limit- Average Trace Difference Distance. Given two traces tr = r$ % n -V r 2 . . . and 

t' t' 

tr' = sq s\ -h- s 2 ■ ■ ■ , the limit-average trace difference distance 2?AvgDiff (tr, tr') is defined by 
©AvgDiff(tr,tr') = 

' oo if rj 7^ Sj 

< for some j 

^ HmM^oo (sup n > M { £yi!!^f^ }) otherwise 

The distance X>A V gDiff (tr, tr') indicates the long run average of the time discrepancies between the 
two traces. 

Proposition 5. The function ©AvgDiffO i> s a metric on timed traces. 
Proof. We prove D Avg Diff (tri, tr 2 ) + DAvgDiff(tr2,tr 3 ) > £>Av g Diff(tri, tr 3 ). 

If all the observation sequences of tri,tr2,tr 3 are not the same, or if !>AvgDiff(tri,tr2) or 
DAvgDiff (tr2, tr 3 ) is infinite, then the claim is straightforward. So assume that the observation se- 
quences of the three traces are the same and that ©AvgDiff (tri, tr 2 ) and DAvgDiff (tr2, tr 3 ) are both 
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finite. We have T> AvgDiff (tr x , tr 2 ) + DAv g Diff(tr 2 , tr 3 ) 



= lim ( S up( E - o(|timetriH " timetr2HL M + 

M-,00 \ n >M I fl 



lim sup 



Tr=o(l time tr 2 H -timetr 3 [i]|) 



/ 011T1 f ELoOtimetri [»]-time tr2 [i]|) ) 

/ su Pn>M i ^ J + 

o | vSU p^ M | ^o(|time tr2 J-ti m e tr ,,[,]|) j 

by Lemma 1. 

/ f ELoG time tri [i]-timetr 2 [i]\) 

n 

ELoG time t r 2 [t]-timetr 3 [i] ) 



> lim I sup <( ^ n ,, . " m _ timetr um + M by Lemma 2. 



M->oo \ n >M 



> lim sup 



Er=o(l time tnH -time tr3 [i 




=^Av g Diff(tri,tr 3 ) □ 

Refinement Distance Induced by ©AvgDiff- The trace difference metric ©AvgDiff induces the 
refinement distance ^AvgDiff(^r) A s ). As in the definition of 3? a dd(Ar> A s ), we only consider time- 
divergent traces from A x when available. Formally, given two timed transition systems A t , A s , with 
initial state sets S t , S s respectively, the refinement distance of A x with respect to A s induced by 
©AvgDiff is given by 

%Av g D\ff(A t ,A s ) = sup mf{f Av g Diff(tr 9t ,tr 9B )} 

tr 9t eTimediv(A r ) tr< ?« 

where tr ?t (respectively, tr qs ) is a g r -trace (respectively, (fe-trace) for some q x G S t (respectively, 
<b G S s ). 

Proposition 6. The function 3£AvgDiff() is a directed metric on timed transition systems. 

Proof. The proof is similar to Proposition 4. □ 

A Note on Zeno- Asymmetry in Refinement Metrics. There appears to be an asymme- 
try in the definitions for refinement metrics with respect to zenoness as only zeno behaviors 
of A x are given special treatment. This is because in case of zeno behavior by the specifica- 
tion, our definitions automatically give a value of 00, which is the correct notion. That is, for 
& G {£MaxDifT,2\imMaxDifF,£>AvgDiff}, we have #(tr ?t , tr g J = 00 if tr qx is time divergent, and tr qs is 
time convergent. 



3 Timed Simulation Relations 

The general trace inclusion problem for timed systems is undecidable [AD94], simulation relations 
allow us to restrict our attention to a computable relation. 

Timed Simulation Relations. Let A x and T s be timed transition systems. A binary relation 
-< C S x x S s is a timed simulation if s x ^ s s implies the following conditions: 
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1. fl(s t ) = fi(s s ). 

2. If s x — > s' x , then there exists s' s such that s s — > s' g , and s' x ^ s' s . 

The state s x is timed simulated by the state s s if there exists a timed simulation ^ such that s x ^ s s . 
A binary relation = is a timed bisimulation if it is a symmetric timed simulation. Two states s x and 
s s are timed bisimilar if there exists a timed bisimulation = with s x = s s . Timed bisimulation is 
stronger than timed simulation which in turn is stronger than trace inclusion. If state s x is timed 
simulated by state s s , then every s r -trace is also a s s -trace. 

Untimed Simulation Relations. Untimed simulation and bisimulation relations are defined anal- 
ogously to timed simulation and bisimulation relations by ignoring the duration of time steps. For- 
mally, a binary relation < u C S't x S s is an (untimed) simulation if s x -< u s s implies the following 
conditions: 

1. n(s t ) = n(s s ). 

t t' 

2. If s x — > s' x , then there exists s' s and t' € IR + such that s s — > s' s , and s' x ■< s' s . 

A symmetric untimed simulation relation is called an untimed bisimulation. 

Timed simulation and bisimulation require that times be matched exactly. This is often too 
strict a requirement, especially since timed models are approximations of the real world. On the 
other hand, untimed simulation and bisimulation relations ignore the times on moves altogether. 
Analogous to the notions of quantitative refinement presented in Section 2, we will define quan- 
titative notions of simulation functions which lie in between these extremes in Section 5. We will 
define quantitative simulation functions in a game theoretic framework. The motivation for the 
game theoretic framework for simulation relations is presented next. 

Timed and Untimed Simulation Games. We present an alternative equivalent game theoretic 
view of timed simulation (a similar view exists for untimed simulation). Given two timed transition 
systems A x and A s , consider a two player turn-based bipartite timed transition game structure 
&t(A x ,A s ) with state space (S't x S s x {1}) U (S r x S s x {2}) (the full formal definitions of game 
structures will be presented in Section 4). The states of player 1 (the antagonist) are S r x S s x {2} 
and player-2 (the protagonist) states are S r x S s x {1}. The transitions are: 

Player-2 transitions. (s x , s s , 2) — ^ (s' x , s s , 1) such that s x — ^ s' x is a valid transition in A x . 

Player-1 transitions. (s x , s s , 1) ^> (s x , s' s , 2) such that s s ^> s' s is a valid transition in A s . 

To decide if s s time-simulates s x , we play the following game. Let (s x ,s s ,2) be the initial state 
such that fi(s x ) = fi(s s ). Player-2 picks a transition of some duration A x from this state and moves 
to some state (s' t ,s s , 1). From (s' x ,s s , 1), player 1 then picks a transition of duration A s such that 
A s = A x and moves to (s' x , s' s , 2) such that /J,(s' s ) = f^(s' s ). If no such transition exists, then player 1 
loses. If the game can proceed forever without player-1 losing, then player 2 loses and player 1 wins. 
If player 1 wins starting from {s x , s s , 2), then s s time-simulates s x . For untimed simulation, we ignore 
the time durations of the moves (and player 1 can pick transitions of any duration from A s . We 
denote the two player turn-based bipartite untimed transition game as <3 U (A X , A s ). 

4 Finite-state Game Graphs 

We will define the values of quantitative timed simulation functions in Section 5 through game 
theoretic formulations of problems for finite-state game graphs. In this section, we first present the 
basic background on finite-state game graphs, and the relevant known results; then introduce new 
game theoretic objectives (that were not studied before but are required for quantitative timed 
simulation functions) and present solutions for the new objectives. 
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4.1 Basic Definitions and Known Results 



In this section we present definitions of finite game graphs, plays, strategies, objectives, notion of 
winning and the decision problems. 

Game graphs. A game graph G = (Q,E) consists of a finite set Q of states partitioned into 
player-1 states Q\ and player-2 states Q2 (i.e., Q = Q\ UQ2 an d Qi = 0)) an d a set E C Q x Q 
of edges such that for all q G Q, there exists (at least one) q' G Q such that (q, q') G E. A player-1 
game is a game graph where Q\ = Q and Q2 = 0- The subgraph of G induced by S C Q is the 
graph (S 1 , £n(Sx S 1 )} (which is not a game graph in general); the subgraph induced by S is a game 
graph if for all s G S there exist s' £ S such that (s, s') <G E. 

Plays and strategies. A game on G starting from a state q$ G Q is played in rounds as follows. 
If the game is in a player-1 state, then player 1 chooses the successor state from the set of outgoing 
edges; otherwise the game is in a player-2 state, and player 2 chooses the successor state from the 
set of outgoing edges. The game results in a play from qo, i.e., an infinite path p = q$qi . . . such 
that (qi, f/j+i) G E for all i > 0. The prefix of length n of p is denoted by p(n) = qo . . . q n . A strategy 
for player 1 is a function it\ : Q*Q\ — > Q such that (q, ni(p ■ q)) G E for all p G Q* and q G Q\. An 
outcome of m from qo is a play go9i • • • such that wi(qo ...%) = c/j + i for alH > such that q^ G Qi. 
Strategy and outcome for player 2 are defined analogously. A player-1 strategy is memoryless if it 
is independent of the history and depends only on the current state, and hence can be described as 
a function m : Q± — > Q. Memoryless strategies for player 2 are defined analogously. We denote by 
III an d IJ2 the set of strategies for player 1 and player 2, respectively. Given a starting state q, a 
strategy m for player 1 and a strategy 712 for player 2, we have a unique play go9i92 ■ • •, such that 
qo = q and for all i > (i) if % is a player 1 state, then qi + \ = 7Ti(?o,?i, • • • , %); and (ii) if q^ is a 
player 2 state, then = ^2(50, 91, • • • , We denote the unique play as p(ir\, 7T2, (7). 

Objectives. In this work we will consider both qualitative and quantitative objectives. We first 
introduce qualitative objectives that we will use in our work. A qualitative objective for G is a set 
4> Q Q u of winning plays. For a play p, we denote by Inf (/?) the set of states that occur infinitely 
often in p. We consider Biichi objectives, and its dual coBiichi objectives which are defined as 
follows. A Biichi objective consists of a set B of Biichi states, and requires that the set B is 
visited infinitely often. Formally, the Biichi objective defines the following set of winning plays: 
Biichi(-B) = {p I lnf(p) (~l B ^ 0}. Dually the coBiichi objective consists of a set C of coBiichi states 
and requires that states outside C be visited only finitely often, and defines the set coBuchi(C) = {p | 
lnf(p) Q C} °f winning plays. When we will consider qualitative objectives, the objective of player 1 
will be disjunction of two coBiichi objectives, and the objective of player 2 will be the complement 
(conjunction of two Biichi objectives). We now introduce several quantitative objectives. 

Quantitative objectives. A quantitative objective for G is a function / : Q u — > IR that maps every 
play to a real-valued number (in contrast a qualitative objective can be interpreted as a function 
(j) : Q u —> {0, 1} that maps plays to Boolean rewards, with 1 for winning plays). Let w : E — > 7L be 
a weight function and let us denote by W the largest weight (in absolute value) according to w. For 
a prefix p(n) = q$q\ . . . q n of a play we denote by Sum(u/)(p(n)) = X^t) 1 w (li^ the sum of the 
weights of the prefix. The debit-sum level at the end of the prefix p(n) is defined by 



n-l 
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Note the negative sign in the definition. The debit-sum level denotes the amount by which the 
accumulated sum of the weights has dipped below at the end of p(n) (if the sum of the weights 
is positive, i.e. there is a credit, then the debit-sum level is defined to be 0). We will consider the 
following objective functions. 

Debit-sum level. For a play p, the debit-sum level is the maximal debit-sum level that oc- 
curs in it. Formally, for a play p and the weight function w we have DebSum(w)(p) = 
sup n DebSum(tt;)(p(n)) = inf{t>o | Vn > O.vq + Sum(w)(p(n)) > 0}. 

Eventual debit-sum level. For a play p, the eventual debit-sum level is the maximal debit- 
sum level that occurs after some point on in the play. Formally, for a play p and 
the weight function w we have EvDebSum(ttj)(/9) = limsup^^^ DebSum(ti;)(p(n)) = 
limM-s>oo sup n>M DebSum(ti>)(p(n)) = inf{«o | 3no > O.Vn > uq.vq + Sum(w)(p(n)) > 0}. 

Average weight. The mean-payoff (or limit-average weight) objective function on a play p = 
qoqi . . . is the long-run average of the weights of the play, i.e., Avg(w)(p) = limsup n _^ OC) i • 
Sum(w)( K p(n)). 

Average debit-sum. Along with the previous objective, we introduce a new objective function, 
which we call the average debit-sum level that assigns to every play the long-run average of the 
debit-sum levels. Formally, AvDebSum(ti;)(p) = limsup n ^ 00 DebS ^ m ( w )(i( TO )) _ Note that since 
the debit-sum level is defined to be if the accumulated sum is positive (i.e. a positive credit-sum 
level), a positive credit-sum cannot cancel out a positive debit-sum in the averaging process in 
AvDebSum(ttj)(/9). Observe that in contrast to mean-payoff objective that is the average of the 
weights, the average debit-sum has the flavor of the average of the partial sums of the weights. 
In the sequel, when the weight function w is clear from context we will omit it and simply write 
Sum(p(n)) and Avg(p), and so on. For each of the above quantitative objective, we will consider 
a version of the quantitative objective that is a disjunction with a coBiichi objective. Formally 
for a quantitative objective / and coBiichi objective coBuchi(C), the quantitative objective that 
is the disjunction of the two objectives is defined as follows for a play p: if p € coBiichi(C), then 
the objective function assigns value to p, otherwise it assigns value f(p). We will refer to the 
corresponding version of the quantitative objectives with disjunction with coBiichi objective as 
DebSumCB, EvDebSumCB, AvgCB, and AvDebSumCB, respectively (and when the weight function 
w and the coBiichi set C is clear from the context we drop them for simplicity). 

Winning strategies, optimal value and optimal strategies. A player-1 strategy tt\ is winning 
(we also say that player 1 is winning, or that q is a winning state) in a state q for a qualitative 
objective <f> if p € (p for all outcomes p of 7Ti from q. The optimal value for a quantitative objective 
is the minimal value that player 1 can guarantee against all strategies of player 2. Formally, for 
a quantitative / that maps plays to real- valued reward, the optimal value Opt(/)(g) at state q is 
defined as 

Opt(/)(<?) = inf sup /(p(7Tl,7T2,<?)). 

A strategy for player 1 is optimal if it achieves the optimal value against all strategies of player 2, 
i.e., a strategy 7r* is optimal if we have 

Opt(/)(<?) = SUp f(p(TTl,TT 2 ,q)). 

n 2 en 1 

We now present a theorem that summarizes known results about Biichi and coBiichi games, 
debit sum (minimal initial credit for energy games), and mean-payoff games. The results of Biichi 
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and coBiichi objectives follow from [EJ91], the results for debit sum games credit follows from the 
results on energy games of [CD 10], and the result for mean-payoff games follows from [Bou+11; 
CHJ05] (also note that in [Bou+11; CD10; CHJ05] player 1 has conjunction of energy (or mean- 
payoff) with parity objectives, whereas in our setting player 1 has the disjunction of energy (or 
mean-payoff) with parity, and thus the roles of player 1 and player 2 in this work is exchanged as 
compared to [Bou+11; CD10; CHJ05]). 

Theorem 1. The following assertions hold for finite- state game graphs. 

1. The set of winning states in games with disjunction of two coBiichi objectives can be computed 
in time 0(\Q\-\E\), and memoryless winning strategies exist for player 1 and winning strategies 
of player 2 require one-bit memory (from their respective winning states). 

2. The optimal value for debit-sum function with coBiichi disjunction can be computed in time 
0{\Q\ 2 ■ \E\ ■ W), and memoryless optimal strategies exist for player 1 and optimal strategies for 
player 2 require finite memory. If the optimal value is finite, then the optimal value is at most 

\Q\-\w\. 

3. The optimal value for limit-average function with coBiichi disjunction can be computed in time 
0(\Q\ 2 ■ \E\ ■ W), and memoryless optimal strategies exist for player 1 and the optimal strategies 
of player 2 may require infinite memory. □ 

4.2 New Results and Algorithms 

In this section we will present two solutions for problems on finite-state game graphs. The first 
solution is for games with minimal initial credit for eventual survival, and the second solution for 
average-sum objectives. 

Eventual Debit-Sum Level Objectives We will solve the problem by a reduction to a coBiichi 
game. We start with a lemma that is required for the reduction. 

Lemma 3. For all game graphs with a weight function w, the following assertions hold: 

1. The optimal value of the eventual debit sum level is at most the optimal value of the debit sum 
level objective i.e., for all states q we have 

Opt(EvDebSum)(g) < Opt(DebSum)(g); 

2. If the optimal value of the debit sum level objective is infinite, then the optimal value of the 
eventual debit sum level is also infinite. 

Proof. The first item follows from definition. The proof of the second item is as follows: if we have 
a sequence (x„) n >o of integers, then supx„ = oo iff limsupx n = oo. Considering (x n )„>o to be the 
sequence (Sum( / o(n)) n >o we obtain the result for all plays, and hence the result follows. □ 

Reduction to coBiichi games. The solution for the optimal value is obtained as follows: 
(1) We compute Opt(DebSum)(g) using algorithms of Theorem 1, and if Opt(DebSum)(g) is in- 
finite, then Opt(EvDebSum)(g) is infinite (by Lemma 3); (2) if Opt(DebSum)(g) is finite, then by 
Lemma 3 we have Opt(EvDebSum)(g) is finite and by Theorem 1 we have Opt(EvDebSum)(g) < 
\Q\ ■ W. If Opt(EvDebSum)(g) is finite, for < D < \Q\ ■ W the procedure to check whether 
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Opt(EvDebSum)(g) < D is as follows: we construct a coBiichi game where we keep track of the 
current sum of weights; and since the optimum value for the debit sum level objective is at most 
\Q\ ■ W , then player 1 can ensure that the sum of the weights never decreases below —\Q\ • W. 
Moreover, any optimal strategy for player 1 must ensure that a state where the optimal value is oo 
is never reached. If the sum of the weights exceeds \Q\ ■ W, then a optimal strategy for the debit 
sum level objective ensures that the sum never falls below afterwards. Hence we only need to keep 
track of the sum of weights that lie between — \Q\ ■ W and \Q\ ■ W. If the sum of the weights is above 
—D, then we call the state a coBiichi state, otherwise it is a bad state for the coBiichi objective. 
The goal of player 1 is the coBiichi objective, which is equivalently the objective to ensure that 
from some point on the sum of the weights is always above —D. Using a binary search for D for 
values between and \Q\ ■ W we obtain the optimal value. Also observe that the games we construct 
for the binary searches have at most 0(|Q| 2 ■ W) states and 0(\E\ ■ \Q\ ■ W) edges. Note that for 
disjunction with coBiichi objective, we have the same reduction as above, but in the end we obtain 
a game with disjunction of two coBiichi objectives. 

Theorem 2. The optimal player-1 strategy, and the optimal value 0pt(EvDebSumCB)((7) for the 

eventual debit sum level objective with coBiichi disjunction can be computed in time 0(\Q\ 3 ■ \E\ ■ 
W 2 -log(|Q| -W)). □ 

The next example illustrates the difference between debit sum level and eventual debit sum level 
objectives. 

Example 7 (Debit sum vs eventual debit sum level). Consider the game graph Gq in Figure 6. The 
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Fig. 6. Game Graph Go 



game Go has only one play from q , namely, q — > q\ — >■ (q 2 — > q% — >) u . It can be seen that 
Opt(DebSum)((/o) is 10 as a debit level of 10 is seen on the transition from qo to q±. However, 
Opt(EvDebSum)(go) is only 2, as the debit level 10 occurs only once in the play. The debit level 2 
however occurs infinitely often in the play. Thus, Opt(EvDebSum)(go) is 2. □ 

Average Debit-Sum Level Objectives We start with an example that illustrates average debit- 
sum level objectives. 

Example 8. Consider the game graph G\ in Figure 7. The game G\ has only one play from qo, 
namely, (go — >■ qi — > qi —^) UJ (and similarly only one play from any state). For this play we compute 
the debit sum and credit sum levels: let (q, d, c) denote the state q, and d, c the debit and credit 
sum levels at that point in the play (note that only either debit sum, or credit sum level can be 
non-zero, by definition). The play together with debit and credit sum levels is: 

(q , 0, 0) -> (( qi , 1, 0) -> (gs, 0, 1) -> (q , 0, 0) 
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Fig. 7. Game Graph Gi 



Thus the average debit sum level AvDebSum(tt;)(go) = 1/3. Now consider the only play from q 2 . 
The play annotated with debit and credit sum levels is: 

(q 2 , 0, 0) -)■ ({q , 1,0} 2, 0) (g 2 , 0, 0} ->) w 

Note that credit levels never rise above in this play. The average debit sum level AvDebSum(-u;)((/2) 
for this play is 1. Thus, where we "enter" in a cycle affects the value of the average debit sum level. □ 

The next lemma is a technical lemma on integer sequences. 

Lemma 4. Let xo, x±, . . . be a sequence of integers. The following assertions hold. 

1. If Xi is positive for every i, and there exist iq > and N > such that for all i > iq, there exists 
1 < rrii < N such that x i+rrH > x { . Then, lim M ^oo fsup fc>M | = oo. 

2. Suppose (i) there exists W < oo such that for all i > 0, we have |xj+i — Xj| < W ; and (ii) there 
exist io > and N > such that for all i > Iq, there exists 1 < m, < TV such that Xi +rrii < x; t . 
Then, there exists M > such that Xi < for all i > M. 

Proof. We present both items of the proof. 

1. Consider Y^7=io ' N+ '' Xi ^ or a — ^ an< ^ — i < Consider the set 

X a = {xj | i G + a • N < j < i Q + a ■ (N + 1)} 

It can be shown by induction that for every a > 0, we have: (i) there exists Xi £ X a , such that 
a^i > a (informally, the claims hold because there is an increment of at least one, starting from 
Xi , in every N steps) ; and hence, (ii) Yli^io' N+: ' x i > + 1 + • • • + a (since we can pick x.i € X a 
such that X{> a). Thus, 

E io+a-N+j / i \ / 1 \ 

i=i x i ^ a-(a + l) a-(a + l) 



> : > 



io + a-N + j ~ 2-(i + a-N + j) ~ 2 ■ (i + (a + l) ■ AT) 
for every a > and < j < N. Thus, 



Eio+a-N+j 
i=io x * 



> 



a 



io + a-N + j ~ + 
Therefore, for every a > 0, we have 



sup < ^»=" - S > ±^ > 



a 



k>(i +vN) { k J '„ • n • A 2 • (^ + A 7 ") 
Letting a — > oo, we have the desired result. 
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2. By induction, it can be shown that for every a > 0, there exists Xi a G {xj \ i Q + a ■ N < j < 
i D + a ■ (A + 1)}, such that Xi a + a < Xi (that is, Xi a is at least a less than Xj ). Informally, 
the claims hold because there is a decrement of at least one, starting from Xi , in every A steps. 
Consider any a > 1 + A ■ W + Xj . Consider the set 

X a = {xj \i + a- A < j < i Q + a ■ (A + 1)} 

Since, |xj+i — Xj| < W for i in the given sequence, for any x,x' G X a , we must have \x — x'\ < 
A • W. Also, there exists x a G X a such that x,- la + a < Xj . Thus, for all x G X a , we have 

x + a < x io +N -W 

Since a > 1 + iV • W + Xj , we have, 

x + 1 + N ■ W + x io < x io + TV • W 

Rearranging, we get x < — 1. Thus, for alH > (2 + N ■ W + Xj ) • iV, we have x\ < — 1. □ 

Corollary 1. Consider a play p = q$qi ... o/ a finite-state game graph G. The following assertions 
hold. 

1. Suppose there exist i$ > and TV > stic/i that for all i > iq, there exists I < rrii < N such that 
Sum(p(z)) > Sum(p(i + m^)). T/ien, AvDebSum(p) = oo. 

2. Suppose there exist iq > and > stic/i that for all i > iq, there exists 1 < m; < A stic/i ^/ia^ 
Sum(/9(i)) < Sum(/9(i + rrij)). Then, AvDebSum(p) = 0. 

Proof For the first assertion, it can be shown that there exists i' > and A > such that for all 
i > i' , there exists 1 < m 8 < A such that DebSum(p(i + wij)) > DebSum(p(i)). The proof of the 
first assertion follows from the first part of Lemma 4, and by the definition of DebSum(/9(n)). 

The proof of the second assertion follows from the second part of Lemma 4, and noting that if 
- Sum(p(n)) < then DebSum(/9(n)) = 0. □ 

Lemma 5. The following assertions hold: consider a weight function w, and coBiichi objective 
coBuchi(C), and then we have 

1. //Opt(DebSumCB)(g) = oo, then Opt(AvDebSumCB)(^) = oo. 

2. J/Opt(AvgCB)(g) > 0, then Opt(AvDebSumCB)(g) = 0. 

Proof. We present proof of both the items. 

1. If Opt(DebSum)(g) = oo, then consider a finite-memory optimal strategy 7r| for player 2 (such 
a strategy exist by Theorem 1). Once the strategy 7r| is fixed we obtain a graph where only 
player 1 makes choices. Since Opt(DebSumCB)(a) = oo, it follows that for every cycle U in the 
graph the sum of the weights in U is negative, and there is at least one state in U that is not a 
coBiichi state (i.e., U D(Q\C) ^ 0). Since all cycles are negative the first condition of Corollary 1 
is satisfied for all paths with A as the size of the graph. Moreover the coBiichi objective is also 
falsified. This concludes the proof of the first item. 

2. The condition Opt(AvgCB)(g) > is equivalently saying that player 1 can enforce a cycle U 
such that the sum of weights of U is positive or U C C. Consider a memoryless optimal strategy 
for player 1 for the limit-average objective with coBiichi disjunction (such a strategy exist by 
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Theorem 1). Since Opt(AvgCB)(g) > 0, it follows that in the graph obtained by fixing the 
strategy, for every cycle U either the sum of the weights is positive or U C C . Either the 
coBiichi objective is satisfied or if the cycle has positive weights then the second condition of 
Corollary 1 is satisfied. In either case the desired result of the second item follows. □ 

Reduction to mean-payoff coBiichi games. We now use the above lemma to solve the average 
debit sum problem. Using the above lemma, and solution for Opt(DebSumCB) and Opt(AvgCB) 
we can identify whether Opt(AvDebSum) is infinite or 0. If Opt(DebSumCB)(g') is finite, and 
Opt(AvgCB)(g) = 0, it follows that both players can play strategies to ensure that all cycles formed 
after their chosen strategy is fixed has sum of weights exactly equal to 0, and has a non coBiichi 
state. Observe that a positive cycle is only favorable for player 1 for the average debit sum objective, 
and a negative cycle is favorable for player 2. Hence there exist optimal plays for the average debit 
sum objective where for all cycles formed along the play the sum of the weights of the cycle will 
exactly be 0. Thus we reduce the average debit sum problem to solving a larger mean-payoff game as 
follows: we keep track of the current sum of weights, and since all cycles formed will have exactly 
sums, we only need to keep track of weights from —\Q\ ■ W to \Q\ ■ W. For the limit-average game, 
we construct a weight function according to the current sum of weights, i.e., if the current sum of 
weights is £, then the weight function assigns value max(-l, 0). The optimal value of the constructed 
game with limit-average objective is the optimal value for the average debit sum objective in the 
original game. The constructed game has 0(\Q\ 2 ■ W) states, 0(\E\ ■ \ Q\ ■ W) edges, and the maximal 
absolute value of the weight is 0(\Q\ ■ W). Thus our reduction and Theorem 1 yield the following 
result for average debit sum objectives. 

Theorem 3. The optimal player-1 strategy, and the optimal value Opt(AvDebSum)(g) for average 
debit sum objective with coBiichi disjunction can be computed in time 0(\Q\ 6 ■ \E\ ■ W 4 ). □ 

From debit-sum to difference-sum. An easy extension of the debit-sum objectives is instead 
of the sum of the weights, we consider the absolute values of the sum of the weights. We call the 
corresponding version as Diffsum instead of DebSum. This can be modeled as two weight functions 
(the original weight function and its negation), and then apply results for two-dimensional energy 
and mean-payoff games with disjunction with coBiichi objectives. Applying our techniques to solve 
eventual debit sum, and average debit sum, along with the results of [Cha+10; ChalO; VR11] we 
obtain the following result. 

Theorem 4. The optimal player-1 strategy, and the optimal value for difference-sum func- 
tion with coBiichi disjunction, Opt(DiffSumCB)(g) ; the optimal value Opt(EvDiffSumCB)(g) for 
the eventual difference sum level objective with coBiichi disjunction, and the optimal value 
Opt(AvDiffSumCB)(g) for average difference sum objective with coBiichi disjunction, can all be com- 
puted in 0(poly(Q, E,W)) time, where poly is a polynomial function. □ 

5 Quantitative Timed Simulation Functions 

In this section, we first define quantitative timed simulation functions for timed transition systems 
in Subsection 5.1 in a game theoretic framework. We next present the model of timed automata in 
Subsection 5.2. finally, we present algorithms for computing the quantitative simulation functions 
in Subsection 5.3. 
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5.1 Quantitative Timed Simulation Functions from Timed Games 

Timed Transition Game Structures. A timed transition game structure is a tuple & t = (S, — >) 
where 

— S is the set of states player-1 states Si and player-2 states S2 (i.e., S = S\ US2 and S\ HS^ = 0)) 

— — >■ C S x 1R + x S is the transition relation such that for all s £ S there exists at least one s' € S 
such that for some A, we have s s'. 

Plays, objectives, strategies, outcomes etc. are as in finite games (Section 4). 

Quantitative Timed Simulation Functions. Analogous to the game theoretic presentation of 
timed simulation games, we now present a game theoretic definition of quantitative timed simulation 
functions. Recall the two player turn-based bipartite timed transition game structure &t(A x , A s ) 
defined in Section 3. Consider a play p in &t(A t , A s ): 

(s° x , si 2) ^ (si si 1> S (si, si 2) ^ . . . 

A A 1 

Let p(r) be the projection on A t , thus p(x) is the A x trajectory s x — T -> — ^ .... Note that p(r) is 
a valid trajectory in A t . We define p(s) similarly. 

Definition 1 (Metric Over Simulation Game Plays). Recall the D|viaxDiff> DumMaxDiff; ^AvgDiff 
trajectory trace difference metrics defined in Section 2. For& £ {DiviaxDifh ^LimMaxDiff , ^AvgDiff}; we 
define i^ Timedlv as follows for a play p in G t {A x ,A s ): 

^Timediv ( p ) = f° *M*) i Timediv(A) n 

1 \F(p(t), p(s)) otherwise 

Note that $ rTimedlv C an be viewed as a metric over trajectories of timed transition systems. 

Definition 2 (Quantitative Timed Simulation Functions). Let A X ,A S be timed transition 
systems, and let &t(A x , A s ) be the two player turn-based bipartite timed transition game structure 
defined in Section 3. The value of the quantitative simulation function S^Tin,ediv((s r , s B )), for s x and 
s s states ofA t and A, respectively, and for ^ Timediv G {^A^^^^J^fh " de fi ned as 
follows. 

S 9 T, m ^({s t ,8,)) = inf sup ^ Timediv (p(vr r ,7r s ,( Sr , Ss ,2))) 

where p(ir x ,7r s , (s x ,s s ,2)) is the trajectory which results given the player-1 strategy ir s € LI S and the 
player-2 strategy ir x G TL X . Equivalently, 

§^t^((s x ,s s }) = 0pt(^ Timediv )(( Sr , Ss ,2)) □ 

The following lemma shows that §, n Timediv and Stj.. coincide for well-formed TTS (the function 

b ^MaxDifF ^MaxDiFF V 

§D MaxDiff is defined without regard for time-divergence, i.e. using & = ©MaxDiff instead of t£ rTimedlv i n 
Definition 2). 

Proposition 7. Let A x and A s be timed transition systems, and let A x be well-formed. For any 
states s x of A x and s s of A s , we have 

S D™iv((Sr, S B }) = SD MaxDifF ((s C , S.g)) □ 

MaxDifF 
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5.2 Timed Automata 



Timed automata [AD94] suggest a finite syntax for specifying infinite-state timed game structures. 
A timed automaton T is a tuple (L, S, C, (i, — ¥, 7, So) , where 

— L is the set of locations. 

— U is the set of atomic propositions. 

— C is a finite set of clocks. A clock valuation d:C4 JR + for a set of clocks C assigns a real value 
to each clock in C. 

— jjL : L i-s- 2 E is the observation map (it does not depend on clock values). 

— — >C. L x L x 2 C x <£(C) gives the set of transitions, where ^(C) is the set of clock constraints 
generated hy ip := x < d\ d < x \ ->ip \ ipi A ip2- 

— 7 : L h-> Constr(C) is a function that assigns to every location an invariant on clock valuations. 
All clocks increase uniformly at the same rate. When at location I, a valid execution must move 
out of I before the invariant j(l) expires. Thus, the timed automaton can stay at a location only 
as long as the invariant is satisfied by the clock values. 

— So C L x IR + ' C ' is the set of initial states. 

Each clock increases at rate 1 inside a location. A clock valuation is a function k:Ci-> K>o that 
maps every clock to a nonnegative real. The set of all clock valuations for C is denoted by K(C). 
Given a clock valuation re G K{C) and a time delay A G IR>o, we write k + A for the clock valuation 
in K(C) defined by (re + A){x) = re(x) + A for all clocks x G C. For a subset A C C of the clocks, 
we write re[A : = 0] for the clock valuation in K(C) defined by (re[A := 0])(x) = if x G A, and 
(re[A := 0})(x) = k(x) if x A. A clock valuation n G K(C) satisfies the clock constraint 9, written 
re |= 0, if the condition 9 holds when all clocks in C take on the values specified by re. A state 
s = (I, re) of the timed automaton 7 is a location / G L together with a clock valuation re G K(C) 
such that the invariant at the location is satisfied, that is, re |= 7(7). We let S be the set of all states 
of 7. An edge (/, /', A, 9) represents a transition from location I to location /' when the clock values 
at / satisfy the constraint g. The set A C C gives the clocks to be reset to with this transition. 
The semantics of timed automata are given as timed transition systems. This is standard [AD94], 
and omitted here. 

Clock Region Equivalence. Clock region equivalence, denoted as = is an equivalence relation on 
states of timed automata. The equivalence classes of the relation are called regions, and induce a 
time abstract bisimulation on the corresponding timed transition system. There are finitely many 
clock regions; more precisely, the number of clock regions is bounded by \L\ ■ Y[ x( , c {c x + 1) • |C|! • . 
For a real t > 0, let frac(t) = t—\t\ denote the fractional part of t. Given a timed automaton game T, 
for each clock x G C, let c x denote the largest integer constant that appears in any clock constraint 
involving x in 7 (let c x = 1 if there is no clock constraint involving x). Two states rei) and k±) 
are said to be region equivalent if all the following conditions are satisfied: (a) h = h, (b) for all 
clocks x, Ki(x) < c x iff K2(x) < c x , (c) for all clocks x with rei(x) < c x , [ki(x)\ = [k2(x)\, (d) for all 
clocks x,y with rei(x) < c x and rei(y) < c y , frac(rei(x)) < frac(rei(x)) iff frac(re2(x)) < frac(re2(x)), 
and (e) for all clocks x with K\{x) < c x , frac(rei(x)) = iff frac(re2(x)) = 0. Given a state (/, re) of 
7, we denote the region containing (/,re) as Reg((Z,re)). 

Region Graph. The region graph Reg(T) corresponding to 7 is the time-abstract bisimulation 
quotient graph induced by the region equivalence relation. The states of Reg(T) are the regions of 

7. There is a transition R — > R! iff there exists s G R and s' G R' such that s s' for some A > 0. 
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5.3 Computation of Quantitative Simulation Functions on Timed Automata 

In this subsection we solve for quantitative simulation functions on timed automata by reducing 
the problem to games on finite-state graphs. For ease of presentation we assume that all clocks are 
bounded, i.e., that the invariants of each location can be conjuncted with the clause f\ x eC ( x < c max ) 
for some constant c max . The general case where clocks may be unbounded can be solved using similar 
algorithms, with some additional bookkeeping. 

The solution involves the following steps. We first enlarge the timed game structure correspond- 
ing to 7 in Sub-subsection 5.3 in order to measure elapsed time, and to measure the integer time 
boundaries crossed. Then, we define integer quantitative simulation functions which depend only 
on the integer time boundaries crossed in Sub-subsection 5.3, and show that these integer simu- 
lation functions are close to the original (real-valued) simulation functions. Then, we show that 
these integer simulation functions can be computed on finite game graphs in Sub-subsection 5.3. 
Finally, we present the algorithm which ties all the steps together, and show that we can compute 
the quantitative simulation functions to within any desired degree of accuracy. 

Enlarging the Timed Game Structure Given a timed automata 7 where all the clocks are 
bounded by c max , let [T] denote the timed transition system obtained by adding to 7 an extra clock 
z, which cycles between and 1 for measuring elapsed time, and an integer valued variable ticks 
which takes on values in lN< Cmax , where IN< Cmax denotes the set {0, 1, ... , c max }. Formally, the set 
of states of {7} is fifPI = S x 1% !) x IN< Cmax , where S is the set of states of 7. The state (s,%,<L) 
of [T] has the following components: 

— s is the state of the original timed automaton 7; 

— i is the value of the added clock z which gets reset to every time it crosses 1 (i.e., if n' is 
the clock valuation resulting from letting time A elapse from an initial clock valuation k, then, 
I = k'(z) = (k(z) + A) mod 1); and 

— <L denotes the value of the integer variable ticks, and is equal to the number of integer boundaries 
crossed by the added clock z since the last transition: if the clock valuation in the previous state 
was k, and the transition time duration is A, then I = [k(z] + A\ in the current state, where |_ 
denotes the integer floor function. Note that since all the clocks in 7 are bounded by c max , we 
have I < c max , as the maximum duration of a transition is c max , and k(z) < 1 in the previous 
state. 

The region equivalence relation can be expanded to [T] states. Two states ((h,Ki) ,3i,^i) and 
((I2, K2) 32, da) of [T] are defined to be region equivalent if (h,di) = (fo,d2), and n\~ n = , 
where n*~ il denotes the clock valuation on C expanded to a clock valuation to C U {z} by 
mapping z to 3$ (we denote the enlarged clock valuation be denoted as k). Similar to the region 
graph Reg(T), we define an untimed finite state bisimulation quotient graph Reg([T]) for [T]. 

Given a state s of T, we denote by [s] the state (s, 0, 0} of [T]. For a state trajectory iraj = sq ^ 

s\ -V . . . , we let iraj[i] denote the state Sj. Given a state trajectory iraj of the timed automaton 

7, we denote by {iraj} the [T] trajectory [iro>'[0]] % Si -V S2 • • • , where Sj = (si,$i,di), and }i,di 
values are according to the times of the transitions (letting [irai[0]] = So- That is, {iraj} denotes the 
trajectory obtained by adding the clock z, and the integer variable ticks, where the values for both 
the new variables are set to in the starting state [iraj[0]]. The new variables just observe the time, 
and the integer boundaries crossed for each transition according to the semantics for [T] described 
previously. The first component of [iraj[i]J is the same as the state iraj[i] for all i. 
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The next Lemma shows that a trajectory is time-divergent iff it satisfies a Biichi constraint. 

Lemma 6. Let iraj be a trajectory of a timed automaton 7 in which all clocks are bounded by M. 
The trajectory iraj is time-divergent iff [iraj] satisfies the Biichi condition Biichi ticks = ij 

Proof The proof follows from the fact that trajectory iraj is not time- divergent iff global time 
does not progress beyond some integer U. This happens iff time crosses only finitely many integer 
boundaries. Now, global time crosses an integer boundary at step n iff ticks = ij is true at 

step n. Thus trajectory iraj is not time-divergent iff ^V^i ticks = ij is true only finitely often. 

Equivalently, trajectory iraj is time-divergent iff ticks = ij is true infinitely often. □ 

Integer Time. For the trajectory [iraj], let time'j^j)^] denote the number of integer boundaries 
crossed upto the i-th transition: 

time^jH = Ltimep rail [z]J 

We have the following lemma which expresses time 1 ^] [i] in terms of the of the values of the 
ticks variable in traces. Note that the value of the ticks variable is zero in the first state of a valid 
trajectory [iraj]. 

Lemma 7. Let iraj be a trajectory of a timed automaton 7 in which all clocks are bounded. We have 
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3=0 

where li is the value of the ticks variable in [iraj] [i] . 

Proof. The proof follows from the definition of the ticks variable updates: the updates count the 
integer boundaries crossed by the z which measures elapsed time □ 

The Integer Trace Difference Metrics D'MaxDifFj 2)'umMaxDiff j and D'/wgDiff Corresponding 
to the trace difference metric 2)^0, for tp = MaxDiff, LimMaxDiff, AvgDiff, we define the trace 
difference metric 2)"$(), by substituting time mt () for timeQ in the definition of T> v (), and using only 
the location component of 7 for matching. E.g., letting [iraj][n] = ((l n ,K n ) , 3 n) ^n) an d {iraj ][n] = 
((CO.JnX). wehaveD^Diffdira^lJira/]) = 

oo if //(/„) / n(l' n ) 

for some n 

, sup n {| t\mef r ^(n) - time^](n)|} otherwise 

The following Lemma shows that closely approximates D^Q. 

Lemma 8. Letiraj^ andiraj 2 be two trajectories of a timed automaton 7. The following assertions 
are true for (p £ {MaxDiff, LimMaxDiff, AvgDiff}. 
1. V v (lira h l Praj 2 ]) = oo iff D^Qira^], [ira^]) = oo. 
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2. If both V^dirajJ, [fraj 2 ]) and ©^([irojj, [iraj 2 ]) are /ess than oo, then 

%( [irajj, [irajj) + 1 > ©^([imjj, [<raj 2 ]) > %( [irajj, [<raj 2 ]) - 1. 

Proof. Let us denote the sequence timep m j](n) as the sequence timej iro yj(n) as x'(n), the 

sequence time'p^^n) as y{n) and the sequence time^y^n) as y'(n). We have 

x(n) — 1 < y{n) < x(n) 
x' (n) — 1 < y'(n) < x'(n) 

Thus, we have 

x{n) — x'(n) — 1 < y{n) — y'{n) < x{n) — x'{n) + 1 

Hence 

\x(n) — x'(n)\ — 1 < \y(n)—y'(n)\ < \x(n) — x'(n)\ + 1 

It follows that 

sup |x(n) — x'(n) \ — 1 < sup |y (n) — y'(n) | < sup |x(n) — x'(n) | + 1 

n n n 

Thus, we have the results for ip = MaxDiff. 

We also have the following two relationships 

lim sup \x(n) — x'(n) \ — 1 < lim sup \y(n) — y'{n)\ 

U^oo n>u ' U^oo n>u 

lim sup \y{n) — y'{n)\ < lim sup \x{n) — x'(n)\ + 1 

U^oo n>u U-¥co n>u 

This gives the results for <p = Lim MaxDiff. 

Next, we note that for every n, the following two relationships hold. 

E?=os(3)-n < g^pyg) < Ej=o^(j) 
n n n 

J2]=ox'(j)-n Ej= y'ti) E"=o ^(i) 

n n n 

And thus, 



S?=o*(j) 1 < E"=oi/(j) < E"=o^(j) 

n n n 

— i < — < — 

n n n 

Then, applying similar reasoning as in ip = LimMaxDiff, we get the results for ip = AvgDiff. □ 
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Integer Quantitative Timed Simulation Functions Using D'UiaxDiff, D'T^mMaxDiff, and 
D'AvgDiff) we can define integer quantitative simulation functions which approximate S^-nmediv for 

i7>Timediv c Jrp>Timediv rpvTimediv ■"p>Timediv\ 
w fc l^MaxDiff ' ^LimMaxDiff ' ^AvgDiff J " 

Definition 3 (Integer Metric over Simulation Game Plays). For A G 

{©^axDiff, & ttmMaxDiff, D'AvgDiff}, we define ^imediv Q ffls /o//fl ^ /flr fl p m g^], fj;]) . 

^Timediv (p) = |0 */p(t) £ Timediv([T r ]) n 

1 yl(p(r), p(s)) otherwise 

The integer quantitative simulation functions S ^Timediv ((s c , s s )), can now be defined exactly as in 
Definition 2, using yl Timedlv instead of $ rTimedlv . The formal definition is given below in Definition 4 

Definition 4 (Integer Quantitative Timed Simulation Functions). Let T r ,T s be timed au- 
tomata, with the corresponding enlarged timed transition systems [T r ], [T s ] respectively, and let 
(5i([v4 r ], [A,]) be the two player turn-based bipartite timed simulation game structure. The value 
of the integer quantitative simulation function S /1 Timediv(([s r ], for [s r ] and [s s ] states of {A t J 

and {A s j respectively, and for A G {D'TJiaxDiff, £>' UmMaxDiff, ^"AvgDiff}, is defined as follows. 

S A T, m ^(([8 t ],[8 B ]))= inf sup ^ Timediv (p(7r t ,7r s ,([ St ],[ S5 ],2))) 

where p^t,^, ([s r ], |s s ],2)) is the trajectory which results given the player-1 strategy tt s G LJ S and 
the player-2 strategy ir x G il r . □ 

Let p be a play of the simulation game ©t([A r ], \A s j). The next lemma states that closeness of 
the trajectories p(t),p(s) according to integer trajectory distances is approximately the same as the 
normal (real-valued) trajectory distances, 

Lemma 9. Let T r ,T s be timed automata, with the corresponding enlarged timed tran- 
sition systems [T r ],[T 5 ] respectively, and let &t(lA t J, [A,]) be the two player turn- 
based bipartite timed simulation game structure. The following assertions are true for 
(A, G {(© l MaxDiff,^MaxDiff),(^ l LLMaxDiff,^LimMaxDiff},<^ l AvgDiff,I ) AvgDiff}}, for any play p of 

6 t ([A],[A]). 

1 ^Timediv ( p ) = ^ jfi ^Timediv ( p ) = ^ 

2. If both yl Timediv (p) and V Timediv (p) are less than oo then 



^Timediv ^ _ ^Timediv ^ 



< 1 



Proof. The result follows from Lemma 8 and by the definitions of A 1 imedlv (p) and & 1 ,med,v (p). □ 

Lemma 10. Let {(x r ^ s ,y rjS ) | r G R, s G S} be a set of tuples of numbers for some give sets R,S 
such that x rjS G IR+ and y rjS G IR^ where IR+ = IR + U {oo}. Let both the following conditions hold: 

1. For all r, s we have x rjS = oo iff y r , s = oo. 

2. There exists some a G IR + such that for all r, s, if 

— x rjS oo and 

- Vr,s / oo 

then, \x r>s — y rtS \ < a. 
Then, the following assertion are true. 
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1. inf sg ssup rgjR x r)S = oo iff inf seS sup reR y r>s = oo. 

2. If inf sG 5 sup rgR x T:S < oo and inf sg s sup rgR y r:S < oo then 



inf sup x rtS — inf sup y r ^ s 



< a 



Proof. We prove both the assertions. 

1. Suppose inf^s sup rgi? x r)S = oo (the other direction is symmetric). We must have that for every 
s G S the entity sup rgR x rjS = oo. We show that: 

Fact-1: For every s G S, if sup rgR x rjS = oo. the entity sup rgR y r)S = oo. 
Fix some s G S. 

— If there exists some r G i? such that x rjS = oo, then by the conditions of the lemma, y T)S = oo. 
Thus sup rgjR y r , s = oo. 

— Suppose for all r G R we have x rjS < oo. By the conditions of the lemma, for all r G R we 
have \x r s — y r ,s\ < a - Thus, if sup rg ^x r)S = oo, then sup r£R y rjS = oo. 

Thus Fact-1 is true. Hence, sup rgR y riS = oo for every s G S. Thus, inf sg s sup rgR y rjS = oo. 

2. Suppose we have both inf s6 s sup rgJ j x r - tS < oo and inf sg s sup rgi j y r - tS < oo. 
Fix some s G S. 

— Suppose sup reR x rjS = oo. We have that sup rgR y rjS = oo by Fact-1 above. 

— Suppose sup rgR x rtS < oo (note that there must exist at least one such s otherwise 
inf se 5 sup rgK x T: s = oo). Thus, for this s, we have that for all r G R, the quantity x r ^ s < oo. 
By the conditions of the lemma, we have that for this s, for all r G R, the quantity y r ^ s < oo, 
and that |ar rjS — y r>s \ < a. This implies that 

| supx rjS - supy rjS | < a 

reR r&R 

Let p s = sup rgR x rjS , and q s = sup rgi? y rjS . From above, we have that for all s, it holds that 
either 

— Ps = Qs = oo, or 

— \p e ~ Qs\ < a. 

Also, it holds that for at least one s, we have p s < oo. Thus, can throw away the p s numbers 
such that p s < oo in the computation of ini s p s . For the rest, since \p s — q s \ < a, we have that 
| mf s p s — infj; q s \ < a. Thus, the second part of the assertion is true. □ 

The following proposition states that the integer simulation functions closely approximate the 
original quantitative simulation functions. 

Proposition 8 (Integer Simulation Functions Approximate Quantitative Sim- 
ulation Functions). Let T r ,T s be timed automata, with the corresponding en- 
larged timed transition systems [T r ],[T s ] respectively, and let (3f([^4 r ], [A,]) be the 
two player turn-based bipartite timed simulation game structure. For (A, \P) in 
{(^MaxDiff, ^MaxDiff) , (f'ftmMaxDiff , ^LimMaxDiff } , (D%gDiff, DAvgDiff}}, we have the following 
assertions to be true. 

1. S A Timediv(([s t ], \S S \)) = OO iff S^Tl m ediv(([s t ], \s s \)) = CO. 

2. If S yl Timediv(([s r ], \s B \)) < oo and S^Timediv(([s r ], [s s ])) < oo, then 

\§ a t^({{s,1 {s s }}) - V-d;v(([ Sr ], ls s }})\ < 1 
Proof. The proof follows from Lemma 10 and Lemma 9. □ 
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Reduction to Games on Weighted Game Graphs In this section we show how to compute 
the values of the integer quantitative simulation functions by reductions to finite state games. First, 
we show that the values of the integer quantitative simulation functions are exactly the same on 
region graphs as on timed automata. 

The Integer Trace Difference Metrics and Simulation Functions on Untimed 
Region Graphs. Wc first lift the integer trace difference metrics yl Timedlv for A € 
{£> m MaxDiff, ^'umMaxDiff, ^AvgDiff} to (untimed) region graphs. Let Reg([7j) be the region graph 
corresponding to the enlarged time game structure [T] as defined in Sub-subsection 5.3. Let the 
observation function p, be defined as p((l,K,$,£)) = (p(l),d). 

Given the two timed automata 7 V ,7 S , consider the untimed simulation game 
6l(Reg([T t ]),Reg([T fi ])) defined to be the untimed simulation game & u (Reg([T r J), Reg([T B ])), 
but with the observation function p,^(((l,K,$,cL)) = p(l). For a play p of &t, we define p(r) and 
p(s) as the projections on Reg([T c ]) and Reg([T s ]) respectively. For a region graph Reg([T]) we 
define Timediv(Reg([T]) as the set of runs satisfying the Biichi condition Buchi (Vi=i* ticks = i). 
By Lemma 6, this has the intended meaning of encoding time divergence. Next we define yl Timedlv 

for A e {X» in rJiaxDifF, & ftmMaxDiff, ^vgDiff } 011 P la y s of ®« ( Re g(M), Reg(ps])) using Lemma 7 
as defining time 1 Re g (p m j])(z) in terms of the ticks variable. Finally we define the integer simulation 
functions as in Definition 4. 

The next lemma states that the values of the integer simulation functions of the region graphs 
are the same as that on timed automata. Note that region graphs are untimed structures. 

Lemma 11. Let T r ,T s be timed automata, and let Reg([Tj), Regd*^]) be region graphs of the cor- 
responding enlarged timed game structures [T r ], [T s ] respectively. For any states [sj of [TJ and [s 5 \ 
of we have 

S^:I' ra) ((M,M}) 

S^ (M) ' Reg(M)) ((Reg(M),Reg([ Ss l))) 
where A € {V'% 3xD]f f , V' ^MaxDiff, ^AvgDiff}- 

Proof. For any timed automata T, we have that Reg([T]) is a bisimulation quotient of [T] for 
the observation function p. Thus, given any play p of <5t([T r ], [T s ]), there exists a play /?R eg of 
©lt(Reg([T r ]), RegdXi])) such that />R eg (t) and /?R e g(s) have the same (untimed) observation trace 
sequences as p(x) and p(s) . The dual fact for any play pR eg of 6l(Reg([7 t l), Reg([T 5 ])) also holds 
due to the bisimulation. 

Consider the definition of the simulation function S^Timediv on any game structure. Note that it 
depends only on the values of \x on the timed automata locations, and the values of the ticks variable 
in the trajectory states, that it, it depends only on the untimed observation trace sequences of the 
plays. Since these untimed observation trace sequences are the same for (Sl(Reg([T t ]), Reg([T s ])) 
and ©t([T t ], [T s ]) from above, we have the desired result. □ 

The weighted finite untimed game graph j(Reg([T r J), Reg([T s ])) . 

Now we construct a finite weighted game graph 5 r (Reg([T r ]), ([T s ])), on which we can use the 
algorithms of Section 4, to compute the values of the integer quantitative simulation function for 
©i(Reg([T r ]), RegdTs])). The game structure 5 is essentially the untimed simulation gctme &u over 
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the region graphs, where weights are assigned to transitions based on the tick values of the region 
states. Formally, #(Reg([T c ]), Reg([T s ])) (denoted g in short) is the tuple (S$, w$), where 

- S$ = Sfu Si, and 

★ The set of player-2 states is Sf = S Re s(^J) x ^(M) x {2}, where S^PO) is the set of 
states of Reg([T t ]), and S Re s(M) is the set of states of Reg([T s ]). 

★ The set of player-1 states is Sf = S Re ^ 7 ^ x S Re g(P=l) x {1}. 

- — ^ is the set of edges where 

★ The player-2 transitions are: 
(Reg((/ c ,^,4)),Reg([s s ]),2) — ► (Reg <)) , Reg ([*,]) , 1>, 

such that Reg((l v ,K v ,i v )) — > Reg ((^)^ti<0) is a valid transition in Reg([T r ]). 

★ The player-1 transitions are: 

(Reg([s t ]) , Reg «4,/%,4}) , 1) — ► (Reg(M) , Reg «£,#„4» ,2), 
such that 

1. Reg ((l s , k s ,cL s )) — > Reg ((1' s ,k' s , d,' s )) is a valid transition in Reg([T s ]); and 

2. [V (Reg ([s c ])) = \v (Reg ([s^] )), that is, the observation on the (timed automaton) location 
of Reg(s^) is the same as the observation on the location of Reg(s r ). 

If there is no outgoing transition from a player-1 state according to the above rules, we add 
a dummy transition to a sink state s s j n k which we define to be such that the Opt value for 
player 1 is oo for all objectives from s s | n ^ . 

- The weight function vfi is given as follows. 

★ vfi{e-i) = for any edge e2 originating from a player-2 state. 
, *( (Reg((/ c ,K t ,4)),Reg((/ s ,K s ,4)),l) — > 

V <Reg((Zt,^,4»,Reg«C^.4».2> 
We note that £ t . is the number of integer boundaries crossed by the clock z in a transition to go 
from any state in Reg ((Z t , k x , l x )) to any state in Reg ((l' x , k' x , 4)) , and similarly for inttran(^ s , d! s ). 
Thus, the weights 4 — 4 encode the difference of the integer boundaries crossed by the clock z 
in the region graphs Reg([T r ]) and Reg([T s J). 

The next lemma states that to compute the values of the integer quantitative simulation func- 
tions on the region graphs, we can use the objectives DiffSumCB, EvDiffSumCB, AvDiffSumCB on 
the weighted finite game ff(Reg([7 t ]), Reg([T s ])). 

Lemma 12. Let T r and % be well-formed timed automata such that all clocks are bounded 
by c max , and let 5(Reg([T r ]), Reg([T s ])) be the weighted game structure corresponding to 
©l(Reg([T r ]), Reg([T s ])), as described above. Fix the coBilchi objective coBiichi(iicfcs r = 0) in 
the following. For (A,S) equal to (D m M ax Diff, DiffSumCB), or (D'umMaxDiff, EvDiffSumCB), or 
(D'AvgDiff; AvDiffSumCB), we have 

4^ (ITtI) ' Reg(M)) ((Reg(M),Reg ( [ Ss ]))) 

( ^(Reg([mRe g (M)) ( <Reg([at])> Reg( W)j 2) ) 

Proof. Note that every finite play p®" of 6u in which player 1 has not lost (in the untimed simulation 
game) corresponds to a finite play p$ in # in which the sink location s s j n |< has not been visited, and 
similarly for the other direction. The move choices for both players are the same, apart from Ssink 
transitions. Conversely, any states Reg([s r ]), Reg([s s ] are not untimed similar in & u iff in the game 



j is the value i x — d! s 
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5, for every player-2 strategy, player 1 has a strategy which forces the play into the sink location 
and thus leads to an oo value for all the quantitative objectives. 

Thus, consider the case where Reg([s c ]), Reg([s s ] are untimed similar in ©L Now, Timediv has 
been defined as Buchi (Vi=i x ticks = i) earlier, on the untimed region graphs. This Biichi condi- 
tion is equivalent to -> coBuch\(ticks = 0). Thus, the condition p s "(r) ^ Timediv holds iff p$ € 

coBuchi (ticks x = 0) holds. Finally, we note that for any play p &u (tt z , tt s , (Reg([s r J), Reg([s s J), 2)) , 
the corresponding play p^(7r c ,7r s , (Reg([s r ]), Reg([s s ]), 2)) is such that 

1. For every i > 0, we have 

time fct)w M - tme p^ ] = fy{^ - ^ ftw) 

2. For every i > 0, we have 

w^^[2i] — > p s [2i + 1]) =0 
The desired results follow. □ 

Precision of the Integer Simulation Functions. Given a positive integer a > 1, and a timed 
automaton 7, let a ■ T denote the timed automaton obtained from T by multiplying every constant 
by a. Note that if clocks are bounded by c max in 7, then clocks are bounded by a • c max in a ■ 7. 
The automaton a ■ 7 is just 7 with a blown up timescale. One time unit in 7 corresponds to a time 
units in a ■ 7. We let a ■ [T] = [a • 7} , and 

a • (1,k,$,(L) = (I, a ■ k, frac(a • 3), [a • 3 J + a ■ I) 

where frac(/3) denotes the fractional part of 0, i.e. (3 — |_/3J for (3 > 0. Note that in a ■ [T], the clock 
z still cycles from to 1. Thus, we first blow up the time scale of 7 to obtain a ■ 7, and then take 
the expanded game structure {a ■ T] . 

Lemma 13. Let 7 X ,7 S be timed automata, with the corresponding enlarged timed transition systems 
[T r ], [T s ] respectively, and let <5i([L4 t ], [A,]) be the two player turn-based bipartite timed simulation 
game structure. Forty € {©MaxDifh ^LimMaxDifF; ^AvgDiff}; f or an V ct a positive integer, and for any 
states [s r ] and [s s ] of [T r ] and [T 5 ] respectively, we have 

a ■ S&™((k], [*,]» = §^Sf ra (<a • [*],«■ [«J» 

Proof. The proof follows from observing that the times in a ■ 7 are just the times in T multiplied 
by a. □ 

The following lemma states that integer simulation functions can approximate the real-valued 
simulation functions to within any desired degree of accuracy. 

Proposition 9 (Integer Simulation Functions Approximate Quantitative Simula- 
tion Functions to Any Desired Degree). Let 7 V ,7 S be timed automata, with the cor- 
responding enlarged timed transition systems pV[,[[T 5 ] respectively, and let &t({A x }, {A S J) 
be the two player turn-based bipartite timed simulation game structure. For {A, ty) in 
{(f'UlaxDiff, 2?MaxDiff) , (^'TjmMaxDiff , 2)|_ imM axDiff } , (D% g DifF, DAvgDiff}}, and for any positive inte- 
ger a > 0, we have the following assertions to be true. 
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1. S A Timediv((a • [s r ],a • [s s D) = oo ij9 r S^Timediv(([s t ], [s s \)) = CO. 

2. If § A T,medw((a • [s r ],a • < oo and S^Timediv(([s t ], [s s ]}) < oo ; f/ien 



a 1 • § yl T im ediv((a • [S r ],a • [S B ]}) - S^Timediv(([s r ], | <- 



Proof. The proof follows from Lemma 13 and Proposition 8 applied to a ■ T r and a ■ X 



□ 



Final Algorithms and Results Applying Proposition 9, and Lemma 12, and the results 
of the previous section on games on finite state game graphs, we obtain the following The- 
orem which states that the values for the quantitative simulation functions S^Timediv for \P € 
{^MaxDiff, ^LimMaxDiff, ^AvgDiff}, can be computed to within any desired degree of accuracy using 
the algorithm in the function h& >a (s x , s s ). 

Theorem 5. Let T r and 7 S be well-formed timed automata such that all clocks are bounded by c max; 
and let a > 1 be a positive integer. For \P € {©MaxDiffj ©LimMaxDifT, £>AvgDifr};a^ for S^Timediv the 
quantitative timed simulation function, the function hy j0l Q is such that for any states s x o/T c and 
s s of7 s , either 

1. S^Timediv((s v , s s )) = /i^, Q (s c ,s s ) = oo; or 

2. Both values are finite and 



Proof. The proof follows from Proposition 9 and Lemma 12. Since #(Reg([a • T r J), Reg([ct • 7 s j)) 
is a finite weighted game graph, the value of h& j0t (s t ,s s ) can be computed using the algorithms of 



Concluding Remarks. We have presented algorithms for computing the various types of quanti- 
tative timed simulation function values (to any desired degree of accuracy) for timed automata. We 
note that the optimal player- 1 strategies in the games required for quantitative timed simulation 
function values are also computable, and are witnesses to the quantitative simulation function values 
(dual to simulation relations witnessing the simulation decision problem). 
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